It has been over a year since the European Union’s (EU) General Data Protection Regulation (GDPR) took effect, yet a recent study found that companies worldwide have not been adhering to its policies. The study, conducted by the Ponemon Institute, found that not only are companies failing to report data breaches, but they are also unfamiliar with the regulations as a whole.
What Is Included in the GDPR Laws
While the GDPR laws were created for countries that are part of the European Union, any countries that trade or have dealings with an EU country must also be compliant. The goal of the regulations is to protect data privacy, and they offer the following protections:
While these seem to be general rights that consumers should have globally, there are still no national data privacy laws in the United States. According to the study, businesses in European countries are not doing much better, even with laws in place. Almost half of the respondents experienced a data breach that was required to be reported under the new law but flew under the radar. Fewer than 20% of businesses were confident in their ability to handle reporting breaches in the allotted time frame.
Company-Wide Compliance Issues
Reporting breaches is not the only issue at hand. The introduction of other data security laws like the California Consumer Privacy Act (CCPA) has caused some confusion as to which laws need to be followed when dealing with consumer data.
To combat this problem, companies have hired dedicated compliance officers and outside cybersecurity companies to deal with breaches and ensure protocols are being followed. This creates a new problem: the hired workers have a full understanding of the regulations, while company heads and other vital employees remain uneducated about the proper use of company data.
There has been an increase in cyber risk insurance, but the study showed that many companies are unsure if their policy covers GDPR fines and penalties. Depending on the severity of the penalty, fines can be up to 20 million euros (USD 22 million) or 4% of the company’s total global turnover of the preceding fiscal year. It ultimately comes down to which amount will be higher.
Solutions for Following Data Privacy Laws
While some countries are on their way to compliance, with 86% stating they appointed a GDPR data protection officer, others are still lagging behind. Over half of American companies are applying the GDPR rules to their employees, but 43% of EU companies have applied the regulations.
Cybersecurity professionals have suggested that companies conduct risk assessments and identify their vulnerabilities with the help of an attorney or proper litigation. These practices can help protect their corporations from cyber risks in the first place.
The best way to store company data and protect it from cyber attacks is to store it using a hardware-encrypted storage device. The SecureDrive is a hardware-encrypted external portable hard drive that eliminates data leaks and is GDPR compliant. With secure authentication methods and features that put control in the hands of the user, the device is ideal for businesses with sensitive information. If your business needs to improve its compliance strategy, call 1-800-875-3230 for a free evaluation of our SecureDrive products.